1. Home
  2. Flashcards
  3. Preview

SSG 2014

  1. AMT
    • Intel® Active Management Technology is a component of our Digital Office
    • initiative and is one of our *T (Star T)
    • programs. This technology enables IT managers to remotely access and manage
    • every networked computing system — even those that lack a working operating
    • system or hard drive, or are turned off — as long as the platform is connected
    • to line power and to the network. Intel® AMT uses a separate management
    • processor that runs independently on the client machine and can be reached
    • through the wired or wireless network.
  2. AMT Instant Go
    • Management Console to detect the
    • AMT system in Connected Standby low power state, power up the system to full S0
    • state when required.



    • What are the benefits of this
    • feature:

    • AMT’s coexistence with platforms
    • supporting Microsoft Connected Standby feature provides the flexibility to end
    • user to leave the system in low power state and yet be manageable by IT when
    • needed. End users can now put the vPro systems in Connected stand by
    • state for extended battery life, instant on capability and
    • more.
  3. Cryptographic Performance
    • When connecting to the
    • internet or web applications, users want
    • the confidence that their communications and data are being secured. 
    • Securing the connection and the
    • data traveling across that connection
    • can be compute intensive and therefore impacting the users experience either
    • through visible performance degradation or in terms of shorter battery life.  By
    • optimizing key cryptographic ciphers using the above mentioned technology, the overhead of
    • establishing and maintaining a secure connection can be diminished resulting in
    • a smoother user experience and longer battery life. 

    • Symmetric
    • Encryption


    • Enhance AES cipher performance using
    • AES-NI

    • Optionally enhance the performance of AES-GCM
    • (Galois Counter Mode) using PCMULQDQ
    • instruction
  4. HD video conferencing optimization
    • Optimize HD video conferencing
    • solutions to provide smooth and clear video over typical, remote bandwidths with
    • minimal battery impact.


    15+fps

    1080p at <=1Mbps

    • 720p at
    • <=500kbps

    • Enable Region of Interest variable
    • quality to achieve <=300kbps

    10+ participants

    < 5W CPU power

    • < 20% CPU
    • utilization

    • Mean Opinion Score >= 4
    • (Good)

    • Showcase significant HD video
    • quality optimizations that can scale to other solutions and pave the way to
    • focus on enhanced user experiences.

    • Stretch goal to enable background
    • HD background segmentation.


    • stablish a deep technical engagement with at least one enterprise specific video
    • conferencing solution provider.  Identify and execute the optimizations
    • necessary to show smooth and clear HD video in typical environments such as
    • offsite, VPN, and cellular connections with multiple parties.

    • The key focus in 2014 is to better
    • understand the challenges and opportunities in the enterprise space, how they
    • align to the BKM's from consumer work, and how they differ from consumer. 
    • Develop the methodologies specific to enterprise solutions that we can scale to
    • a wider audience.
  5. Secure Key Technology
    • Strong encryption requires two things:  Robust cryptographic algorithms
    • and high quality keys (e.g. highly entropic random
    • numbers).  Intel Secure Key provides highly
    • entropic random numbers and PRNG seed material in
    • order to provide the highest quality crypto keys, nonces, and initialization vectors
    • possible.

    • ISV integration or
    • usage of RDSEED processor instruction for seeding
    • ISV Pseudo Random Number Generator
    • (PRNG)

    and/or

    • ISV integration or usage
    • of  RDRAND processor instruction for direct consumption
    • of random bytes or mixing with
    • PRNG entropy pool
  6. IPT w/ PKI, NFC Tap & Auth
    • ISV PV release of their software that implements IPT with PKI for the
    • following use cases: * No Password VPN * S/MIME – email signing/encryption *
    • Document signing * Certificate-base authentication to WiFi networks * SSL Client
    • authentication Or ISV PV release of their software that implements the NFC Tap
    • to Authenticate use case.
  7. MFA
    • Multifactor Authentication - Provide MFA Applet and Add capabilities to ISV client and/or cloud components
    • to provision a PKI certificate that uses the Intel Cryptographic Service
    • Provider (CSP). 
    • * MFA provides a secure and satisfying user experience with immediate access
    • to their stuff using many factors of authentication (Bluetooth leash, wearables,
    • proximity sensors, voice, facial recognition, gait, NFC, IPT with PKI, Protected
    • Transaction Display, etc.).   Biometrics, Built in NFC reader added to PCs
    • allows for simple and secure user authentication with Intel IPT by tapping an
    • NFC card or device on an Intel vPro system with IPT.   * User does not need to
    • enter a password.  The user becomes the password.
  8. Digital Fence
    • SCS is available with the ability
    • to configure the platform with network identities associated with "safe zones"
    • so that IT can enforce platforms to hibernate (S4) when leaving these areas in a
    • sleep (S3) state or Connected Standby (S0ix) which will force drive encryption
    • to lock.  The SCS will also be required to configure Intel Smart Connect
    • Technology parameters where applicable.



    IT


    • Configure system with "safe"
    • corporate network identities through the SCS

    • Configure ISCT (when applicable)
    • and set the associated wake interval

    • Optionally - Once settings are
    • applied to the Digital Fence service through the SCS, changes may be applied
    • through Active Directory Group Policies.



    User


    • User unlocks the system / drive
    • for normal use

    • User suspends the system (S3 or
    • S0ix) and leaves the office

    • The system detects the absence of
    • a "safe" corporate network

    • The system briefly wakes and goes
    • immediately into a hibernation state (S4)

    • When entering S4, the drive is
    • locked, protecting the data



    • NOTE: A Connected Standby solution
    • is not yet available and may not be available in the Broadwell timeframe
  9. ProSSD – Secure Containers
    • The driving concept behind “Secure Containers” is the notion that IT can
    • provision a Secure Enterprise partition on a BYOD device that supports Intel
    • ProSSD.  ProSSD supports the OPAL standard v1.0 Rev3 which allows for the
    • definition and management of multiple encrypted LBA ranges on the SSD.  Once
    • this Enterprise range and associated OS partition has been created, it can be
    • managed (meaning it can be locked, cryptographically erased, keys rotated,
    • policy managed, etc.) at which point the enterprise would feel comfortable
    • allowing Enterprise data to reside on it.  This way, the end-user is able to use
    • their personal device in the enterprise but the enterprise IT dept. has a level
    • of control regarding what enterprise data  goes on the system, where it is
    • stored (in the Secure Container), and how its secured. 
    • Enablement of one of the following solutions supporting the use of an Intel
    • ProSSD 1500 or 2500 SSD: * Good o A single encrypted LBA Range (two OS
    • partitions, one encrypted, the other not) created and policy managed via OPAL.
    • The encrypted LBA range/partition would then host the enterprise data and is
    • called the “Secure Container”. This means that all other user data would be
    • unencrypted on disk.  This case is for those consoles that can only
    • support/manage one encrypted LBA range. * Better o Two discrete encrypted LBA
    • Ranges (two OS partitions created for each range) created via OPAL.  One
    • encrypted LBA range/partition managed by IT to host Enterprise data.  The other
    • managed by the end-user to host personal (non-enterprise data).  The benefit
    • here allows the end-user to have full disk encryption, but control over the
    • decryption key. * Best o Same as ‘better’ solution, but with a Data Loss
    • Prevention solution activated which would attempt to prevent Enterprise data on
    • the managed partition moving to some other place (thumb drive, user partition,
    • etc.).
  10. Enhanced Enterprise Rights Management With Geo-Fencing  (LBS)
    • Location Base Services - One or more location tracking servers must add support for EPID and HMAC
    • signature validation of location data transmitted by vPro platforms and make the
    • resulting, attested location data available to 3rd party applications through an
    • API.  The location tracking servers must also implement the RESTful API required
    • for configuration and communication between the vPro platform and location
    • tracking server. One or more ERM solutions must consume the attested location
    • data and compare it against configurable geo-fence boundaries to control
    • document access based on physical location. 

    • IT Perspective: * A location tracking server and associated infrastructure is
    • deployed and configured for tracking physical location of WiFi devices. * vPro
    • platforms are deployed to supported corporate users. * IT enables secure
    • location based services through the PROSet administrator tool by pushing
    • appropriately configured wireless profiles to each client system.  An additional
    • tool, such as the SCS, is used to configure the LBS DAL applet with the
    • necessary certificates for EPID signature creation (the "Secure" in Secure LBS).
    • * Additional configuration is performed by IT through the location tracking
    • service communicating to the vPro endpoint through the secure and authenticated
    • channel configured by the SCS. * Geo-fence boundaries are configured in the
    • corporate ERM solution.  Each boundary is assigned an associated set of document
    • access policies. 
    • * The user accesses corporate documents after authenticating with the ERM
    • solution configured on their vPro platform.
    • * As the user moves from one area of the corporate campus to another (e.g.
    • from cubicle to café, or office to home) access to sensitive documents is
    • changed to comply with corporate document access policies.
  11. VMCS Shadowing
    • A logical processor uses
    • virtual-machine control data
    • structures (VMCSs) while it is in VMX operation.
    • These new structures manage transitions into and out of
    • VMX non-root operation (VM entries and VM exits) as well as processor
    • behavior in VMX non-root operation. This
    • structure is manipulated by the new instructions VMCLEAR, VMPTRLD,
    • VMREAD, and VMWRITE.
  12. XenGT
    • Graphics Virtualization - The Graphics Processing Unit (GPU) has become a fundamental building block in
    • today’s computing environment, accelerating tasks from entertainment
    • applications (gaming, video playback, etc.) to general purpose windowing
    • (Windows* Aero*, Compiz Fusion, etc.) and high performance computing (medical
    • image processing, weather broadcast, computer aided designs, etc.).
    • Today, we see a trend toward moving GPU-accelerated tasks to virtual machines
    • (VMs). Desktop virtualization simplifies the IT management infrastructure by
    • moving a worker's desktop to the VM. In the meantime, there is also demand for
    • buying GPU computing resources from the cloud. Efficient GPU virtualization is
    • required to address the increasing demands.
    • Enterprise applications (mail, browser, office, etc.) usually demand a
    • moderate level of GPU acceleration capability. When they are moved to a virtual
    • desktop, our integrated GPU can easily accommodate the acceleration requirements
    • of multiple instances
  13. IPT
    Intel® Identity Protection Technology 

    An Added Layer of Hardware-based Security

    • Protecting your identity and business data stored in the cloud requires
    • strong authentication that's ideally rooted in hardware. Hardware-based
    • authentication is widely regarded by security experts as a more effective
    • approach than software-only authentication.
    • Select PCs and other devices feature tamper-resistant, two-factor
    • authentication built right into new
    • Intel® Core™ vPro™ processors. Intel® Identity Protection Technology (Intel®
    • IPT)1 helps prevent unauthorized access to your important personal
    • and business accounts while reducing the cost of traditional hardware solutions.
    • It also provides a simple way for web sites and businesses to validate that a
    • user is logging in from a trusted PC.
    • How Does Intel® Identity Protection Technology Work?


    Intel IPT with one-time password (OTP)

    • ntel IPT protects network and web site access points by providing enterprises
    • with several ways to validate that a legitimate user—not malware—is logging in
    • from a trusted platform. One option utilizes a one-time password (OTP), a
    • unique, one-time-use, six-digit number generated every 30 seconds from an
    • embedded processor. This tamper-proof solution operates in isolation from the
    • operating system.1 Moreover, because the credential is protected
    • inside the chipset, it cannot be compromised by malware or removed from the
    • PC.
  14. AES-NI
    • Intel® AES-NI is a new encryption instruction set that improves on the
    • Advanced Encryption Standard (AES) algorithm and accelerates the encryption of
    • data in the Intel®
    • Xeon® processor family and the Intel® Core™
    • processor family.
    • Comprised of seven new instructions, Intel® AES-NI gives your IT environment
    • faster, more affordable data protection and greater security, making pervasive
    • encryption feasible in areas where previously it was not.

    • Encryption is frequently recommended as the best way to secure
    • business-critical data, and AES is the most widely used standard when protecting
    • network traffic, personal data, and corporate IT infrastructures.With
    • recent advancements in cloud
    • computing, where personal or business-critical information leaves the
    • traditional IT environment, a more widely usable and secure encryption standard
    • such as AES and acceleration mechanism like Intel® AES-NI are essential.
    • Thankfully, AES is a widely-deployed encryption standard when protecting
    • network traffic, personal data, and corporate IT infrastructures; and Intel®
    • AES-NI can be used to accelerate the AES encryption. With such robust,
    • affordable, and flexible options, Intel® AES-NI can help your business stay
    • ahead of growing threats.
  15. PKI
    Public Key Infracturcre -Intel® IPT with PKI uses the Intel® Management Engine (Intel® ME) and 3rdGeneration Intel®Core™ i5 or i7 vPro™ processor-powered systems to provide a hardware based security solution. This solution provides enhanced protection of RSA cryptographic keys. The Intel® IPT with PKI software is exposed as a CSP via the Microsoft CryptoAPI software layer. Software that supports the use of cryptographic features through CryptoAPI can use Intel® IPT with PKI to:
  16. DPT
    Device Protection Technology 

    • intel DPT with Security Extensions: 
    • Dynamic Whitelisting, Power Effiecient Scans, URL Filtering, Intent Filering, Contextual Permisiion
    • Intel DPT with Manageability Extensions (MDM)
    • •Remote
    • Configuration

    • •Application
    • Management

    • •HW/SW
    • Control

    • •Inventory
    • Monitoring

    • •Kiosk
    • Mode

    • •Security
    • Restrictions

    • •Expense
    • Mgmt

    • Intel DPT with Manageability
    • Extensions  (Containers)
    • •Containerize any app, from any
    • store

    •“No Wrapping” or specialized apps

    •Uncompromised native experience

    •Selective mgmt. of corp data
Author
bewillis
ID
272260
Card Set
SSG 2014
Description
Study
Updated

  1. Home
  2. Flashcards
  3. Preview